Slimband Privacy Policy

Slimband Inc. is a Health Information Network Provider under the Personal Health Information Protection Act, 2004 S.O. 2004, c.3 (hereinafter PHIPA) and as such has certain obligations under PHIPA respecting the protection of Personal Health Information.

In this Privacy Policy:

"Personal Information" has the meaning ascribed thereto in the Personal Information Protection and Electronic Documents Act (Canada), S.C. 2000, c.5 and the regulations made thereunder and all amendments to that Act and its regulations.

"Personal Health Information" has the meaning ascribed thereto in PHIPA.

"Services" means services provided to custodians.

Slimband Privacy Obligations

LIMITING COLLECTION OF INFORMATION

Collection of Personal Health Information shall be limited to that which is necessary for the fulfillment of services.

LIMITING DISCLOSURE AND RETENTION OF INFORMATION

Personal Health Information will not be disclosed except in accordance with Slimband's obligations under its client agreements.

Slimband is committed to the proper classification, secure retention, and timely disposal of any record containing Personal Health Information that is deposited to or generated in client projects or collected by Slimband on behalf of client organizations, regardless of the media or format, including electronic and paper records, records in Slimband's possession or control, and records in the possession or control of contractors, outsourced service providers, consultants, or external parties performing tasks on behalf of Slimband.

ENSURING ACCURACY

Slimband will ensure that appropriate reviews are executed for client data integrity, will report any data integrity issues to appropriate management, and will correct all data integrity issues in a timely manner.

A process for the correction of any Personal Health Information will be designed as deemed necessary, to handle issues that cannot be corrected through normal system use or update mechanisms.

SAFEGUARDS

Slimband will implement security safeguards appropriate to the sensitivity of the information to protect Personal Health Information against loss or theft, as well as unauthorized use, access, disclosure, copying, modification, or disposal.

OPENNESS

Slimband will:

Disseminate to each client organization and to the public a plain language description of the services that is appropriate for sharing with the individuals to whom the Personal Health Information relates. This description will include a general description of the safeguards in place to protect against loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal, and to protect the integrity of the Personal Health Information.

Disseminate to the public any directives, guidelines, and policies of Slimband that apply to the client services to the extent that these do not reveal a trade secret or confidential scientific, technical, commercial, or labour relations information.

Disseminate to the public a general description of the safeguards implemented by Slimband in relation to the security and confidentiality of the Personal Health Information.

INDIVIDUAL ACCESS

Slimband has a documented process and procedure, with clear lines of accountability, to comply with applicable sections of PHIPA referring to individual access.

Slimband has in place systems and processes to produce audit trails, which if necessary can be used to trace privacy and security violations and breaches.

GOVERNANCE

In order to meet its governance obligations under PHIPA and its agreements with its clients, Slimband will:

Assign a privacy and security officer (PSO) to ensure compliance with obligations related to privacy and security.

Assign an information security officer (ISO) to be responsible for overseeing the information security aspects of the solution(s) being used.

Develop a RACI (responsible, accountable, consulted, and informed) chart to clearly define all privacy and security roles and responsibilities as they relate to Slimband obligations in client systems.

Develop key performance indicators to assess and report on privacy or security metrics reports for the particular engagement.

Review the Slimband privacy and security policy, and privacy and security practices, processes, and procedures annually to ensure that they comply with applicable legal, contractual, industry and regulatory standards and requirements, and to determine whether changes are necessary or appropriate based on changes in laws and regulations or significant legal or other developments.

HUMAN RESOURCES

Slimband shall use and develop practices, processes, and procedures to ensure that employees, consultants, or permitted agents who perform services or otherwise have access to Personal Health Information will:

Sign a confidentiality agreement and code of conduct.

Be informed of all privacy and security-related policies and procedures and ensure that all privacy and security-related policies and procedures are readily accessible to all personnel.

Obtain a satisfactory background screening of all employees, consultants, or permitted agents who perform services or otherwise have access to Personal Health Information, in accordance with its client agreement(s).

TRAINING AND AWARENESS

Slimband believes that a culture of privacy and security is necessary to meet the individual and collective responsibilities of its organization, and delivers comprehensive training and ongoing awareness initiatives to its employees and agents.

AUDITING POLICY AND PROCEDURES

For each project, Slimband will draft policies, procedures, and processes to regularly, and with predefined frequency, audit projects to monitor that Slimband is in accordance with agreements and legislation, and to identify privacy incidents and breaches.

BREACH RESPONSE PROTOCOL

Slimband promises the ability to promptly and appropriately respond to, contain, and mitigate the impact of any privacy or security breach or incident. Accordingly, Slimband will have a documented breach response protocol to identify, manage, and resolve privacy and security breaches and incidents which occur as the result of loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal of Personal Health Information.

COMPLAINT MANAGEMENT

Slimband has documented procedures, with clear accountabilities, to ensure that it:

promptly notifies the client's Service Delivery Lead by email, followed by written notification, of any enquiry or complaint received by Slimband relating to the processing of Personal Health Information; and

promptly complies and fully co-operates with all instructions of client management with respect to any action taken in response to such enquiry or complaint.

OPERATING PROCEDURES

Slimband has practices, processes, and procedures in place to ensure that it meets all requirements of PHIPA and of its client agreements.

Policy Concerning Business Operations, Including Web and Social Media

INFORMATION WE COLLECT

Slimband and its affiliates ("Slimband") have adopted a privacy policy that limits what we can do with Personal Information collected through our business operations, website, email, or other social media. Personal Information includes information about an identifiable individual other than name, address, email, and phone number, such as demographic information, information collected through our website, or other information we may collect from you from time to time. Submitted job applications, including resumes and references, would also qualify as Personal Information.

USE OF PERSONAL INFORMATION

Slimband may use or collect Personal Information about you to help us provide services to you, such as to respond to your requests, verify your identity, provide services to you, process payments, process changes or updates to your account, send you notifications, conduct customer satisfaction surveys, provide information regarding our products or services, develop or enhance our products and services, manage and develop our business and operations, or generally maintain our relationship with you.

Any disclosure to third parties is made on a confidential basis, with the information to be used only for the purposes for which it was disclosed. Your Personal Information may also be shared if Slimband becomes part of a merger, amalgamation, joint venture, joint project delivery, or otherwise sells its business or part of its business. Slimband currently has partnerships or may act as a reseller of products such as Medifast, or Slimband Weight Loss Services, and hence may share personal information for the sole purpose of packaging or delivery of services or products.

PROTECTING YOUR PERSONAL INFORMATION

We follow industry standards to safeguard the confidentiality of your Personal Information. We use a variety of physical, electronic, and procedural safeguards to protect personal information. We do not warrant that the safeguards we implement are sufficient to protect Personal Information you transmit over the Internet. Most of your Personal Information is stored in Canada, Iceland, or the USA. Some companies providing services to Slimband may be located outside of Canada (including the USA) and your Personal Information may be stored in those jurisdictions. As such, your Personal Information may be made available to the government or its agencies under a lawful order made in that country (including the USA). For further information, please contact us at 68 Prince Arthur Street, Toronto, Ontario or privacy@slimband.com.

ANALYTICS

We use "Google Analytics" to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google's ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use (as amended for government websites) and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.

Google Analytics employs cookies to define user sessions, which allows for the collection of data about how visitors are using the websites. Google Analytics uses only first-party cookies for data analysis. This means that the cookies are linked to a specific website domain, and Google Analytics will only use that cookie data for statistical analysis related to your browsing behavior on that specific website. According to Google, the data collected cannot be altered or retrieved by services from other domains.

If you choose, you can opt out by turning off cookies in the preferences settings in your web browser. For more information on Google Analytics, please visit Google Analytics

YOUR CONSENT

By way of any communication received from you, you are consenting to the collection, use, and disclosure of your Personal Information by providing us, our agents or partners, or such other third parties with your Personal Information. We may contact you by phone, email, or text to provide you with notifications, updates, or other information regarding our services and products.

You may withdraw your consent by mailing us at 68 Prince Arthur Street, Toronto, Ontario or emailing us at privacy@slimband.com. Please understand that your withdrawal of consent may affect or limit our ability to provide services or products to you.

Please contact us by mail if you have any questions or concerns about our handling of your Personal Information.

Our privacy policy may change from time to time, so please check with us periodically.

How You Can Access or Correct Information

Access to personally identifiable information that is collected from our sites and that we maintain may be available to you. For example, if you created a password-protected account within our site, you can access that account to review the information you provided.

You may also send an e-mail or letter to the following e-mail or street address requesting access to or correction of your personally identifiable information. For verification purposes please include your first name, last name, e-mail address and the password you use for such service.